Skip to content

Commit

Permalink
tweak to verify docs
Browse files Browse the repository at this point in the history
  • Loading branch information
phillmv committed May 7, 2024
1 parent 3458739 commit 01c5aa5
Showing 1 changed file with 8 additions and 6 deletions.
14 changes: 8 additions & 6 deletions pkg/cmd/attestation/verify/verify.go
Original file line number Diff line number Diff line change
Expand Up @@ -54,12 +54,14 @@ func NewVerifyCmd(f *cmdutil.Factory, runF func(*Options) error) *cobra.Command
To see the full results that are generated upon successful verification, i.e.
for use with a policy engine, provide the %[1]s--json-result%[1]s flag.
To specify a trusted signing identity that differs from the artifact's source
owner or repository, provide either the %[1]s--cert-identity%[1]s
or %[1]s--cert-identity-regex%[1]s flag.
For example, if you use a reusable workflow to release and attest your
artifacts, you can use the %[1]s--cert-identity%[1]s or
The attestation's certificate's Subject Alternative Name (SAN) identifies the entity
responsible for creating the attestation, which most of the time will be a GitHub
Actions workflow file located inside your repository. By default, this command uses
either the %[1]s--repo%[1]s or the %[1]s--owner%[1]s flag value to validate the SAN.
However, if you generate attestations with a reusable workflow then the SAN will
identify the reusable workflow – which may or may not be located inside your %[1]s--repo%[1]s
or %[1]s--owner%[1]s. In these situations, you can use the %[1]s--cert-identity%[1]s or
%[1]s--cert-identity-regex%[1]s flags to specify the reusable workflow's URI.
For more policy verification options, see the other available flags.
Expand Down

0 comments on commit 01c5aa5

Please sign in to comment.